z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


PKCS #11 Unwrap key (CSFPUWK and CSFPUWK6)

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

Use unwrap key callable service to unwrap and create a key object using another key. The following formatting is supported:

  • PKCS 1.2 formatting is supported for a DES, DES3, AES, BLOWFISH, RC4, or GENERIC secret wrapped by an RSA public key.
    • A new secret key object is created with the decrypted key value
    • The unwrapping key must be a private key object
    • The CKA_UNWRAP attribute must be true
  • PKCS 8 formatting (CBC mode with padding) is supported for an RSA, DSA, Elliptic Curve, and Diffie-Hellman private key wrapped by a secret key.
    • A new private key object is created with the decrypted key values
    • The unwrapping key must be a secret key object
    • The CKA_UNWRAP attribute must be true
    • The encryption mechanism must be specified in the rule array and must match the key type of the secret key object

The callable service can be invoked in AMODE(24), AMODE(31), or AMODE(64). 64-bit callers must use CSFPUWK6.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014